Malicious actors have exploited Justice AV Solutions’ courtroom video recording software to distribute RustDoor malware, a backdoor associated with a known cyber threat. Tracked as CVE-2024-4978, this software supply chain attack impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 used for recording proceedings and meetings. Security firm Rapid7 initiated an investigation after discovering a malicious executable within the software installer downloaded from the official JAVS site.
Upon analysis, Rapid7 researchers found that the installer was signed with an unexpected Authenticode signature and contained a malicious binary named “fffmpeg.exe”. Both this binary and the installer were signed with an Authenticode certificate issued to “Vanguard Tech Limited” rather than to the legitimate signing entity, “Justice AV Solutions Inc.” Once executed, the malware establishes contact with a command-and-control server, executes obfuscated PowerShell scripts, and attempts to download additional payloads disguised as legitimate software updates.
RustDoor, the malware distributed through this attack, was initially identified targeting Apple macOS devices but has now been observed in Windows environments. It exhibits similar functionality across platforms, including establishing communication with C&C servers and executing malicious scripts. While JAVS has taken measures to address the security issue, users are advised to verify the digital signatures of JAVS software and follow recommended security protocols to mitigate the risk of infection and data compromise.
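One way to carry out the signature check advised above, as an added PowerShell example that is not code from JAVS or Rapid7. The two signer names and the file name come from the article; the function name, its parameters and the folder you pass in are assumptions.

```powershell
# Added example: audit Authenticode signers of binaries under a folder.
# Signer names and 'fffmpeg.exe' are taken from the article; the function
# name, parameters and the scanned path are hypothetical.
function Test-JavsSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # installer download or install folder
        [string] $ExpectedSigner   = 'Justice AV Solutions Inc',
        [string] $UnexpectedSigner = 'Vanguard Tech Limited',
        [string] $SuspectFileName  = 'fffmpeg.exe'
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = $null
            if ($sig.SignerCertificate) {
                # Common name of the certificate subject, e.g. the company name
                $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
            }

            if ($_.Name -ieq $SuspectFileName) {
                $verdict = 'SuspectFileName'          # file name reported in the article
            } elseif ($signer -and $signer -like "*$UnexpectedSigner*") {
                $verdict = 'UnexpectedSigner'         # signer reported in the article
            } elseif ($sig.Status -ne 'Valid') {
                $verdict = "Signature$($sig.Status)"  # NotSigned, HashMismatch, NotTrusted...
            } elseif ($signer -notlike "*$ExpectedSigner*") {
                $verdict = 'OtherSigner'              # often a bundled third-party library; review
            } else {
                $verdict = 'OK'
            }

            [pscustomobject]@{
                Verdict = $verdict
                Signer  = $signer
                Status  = $sig.Status
                File    = $_.FullName
            }
        }
}

# Usage (placeholder path, replace with the folder to audit):
# Test-JavsSignature -Path 'C:\<folder-to-audit>' | Where-Object Verdict -ne 'OK' | Format-Table -AutoSize
```

A `SuspectFileName` or `UnexpectedSigner` verdict matches what the article reports for the trojanized installer; `OtherSigner` rows are not necessarily malicious and need manual review.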